Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dutch ISP Files Police Complaint Against Spamhaus

Posted by timothy on from the my-way-or-the-highway dept.

judgecorp writes "Dutch ISP A2B has filed police complaints against anti-spam project Spamhaus, calling its CEO 'nuts' and accusing him of blackmail. Spamhaus added all A2B's addresses to a spam blacklist, when A2B did not obey the letter of its demands in blocking a spammer."

20 of 218 comments (clear)

  1. Incorrect summary by TechLA · · Score: 5, Interesting

    A2B DID block the spammer, they blocked his ip. What Spamhaus wanted was stop routing traffic for the whole CyberBunker (who route traffic for The Pirate Bay etc) who are not spammers. They had a single customer that spammed, and A2B as upstream provider blocked that ip instead. What they didn't do was block the innocent CyberBunker completely, and after that Spamhaus added A2B - completely third party - to their blacklist. That's complete bullshit and blackmail.

    1. Re:Incorrect summary by Anonymous Coward · · Score: 5, Insightful

      If spamhaus starts blacklisting entities that do not spam, people will stop trusting and using spamhaus. Police or no, Spamhaus is harming itself when it oversteps its natural bounds.

    2. Re:Incorrect summary by TheMMaster · · Score: 4, Interesting

      Thanks for that!

      I rent a server at cyberbunker and I have had long email discussions with spamhaus as well, with them going so far as suggesting that I go an find a new ISP.

      Especially since the IP space I got from them is just a regular PA, and the ranges whois informations has a record with my personal name, address and telephone number in it. Spamhaus doesn't understand how the Internet works and is trying to basically nuke the cyberbunker from orbit by going one provider up the chain until they can find someone that will turn off every route...

      Whereas the original spam report for the range was just ONE /29 that has the correct whois information...

      "Just pure spam and crime" that is rather offensive considering that I just run my personal email, xmpp and some other services there. You're just as bad as spamhaus.

      At the time I made a /. submission about it, I'll reproduce it below since the submission was rejected at the time:
      ---------
      "I run a small server for some minor projects of mine, a mailserver for my family and several friends at a hosting provider. A couple of weeks ago my father started to complain that some of his mails were no longer being received. Upon further inspection it turned out that my entire ISP's IP range (the entire /19) was put in the Spamhaus Blocklist (SBL). After sending a request to de-list the IP range I control (a /29 in their /19), I got the following response: "Due to the hosting policies of the owner of this IP address block, our users do not wish to accept traffic from these IPs. We suggest you look for other arrangements as to your hosting."

      The "Hosting policies" of my ISP do not appear to differ greatly from other ISPs, they name spamming as a breach of their TOS and do disconnect spammers. The only major difference I can see is that they do not give out personal information or kick (non spamming) clients off of the web without being legally forced to, which is a requirement in the EU country they are based in to qualify as a telco (and be not responsible for the content of their customers' websites) This stance towards net neutrality is why I chose them in the first place. Vote with your wallet, right?

      According to the Spamhaus website The SBL's primary objective is to avoid 'false positives' while blocking as much spam as possible. To me blocking an entire ISP's netblock for, according to the listing, a grand total of three consecutive /29's that were originally reported (and likely from the same customer) and an entire /24 that's labeled entirely as "trademark fraud replicas" does not seem to me to be "avoiding false positives".

      The end result is that without sending a single spam or hosting any malicious content, Spamhaus labels me a spammer and even 'cybercriminal' according to the SBL listing all because they apparently don't like my ISP . My questions being: Did any one of you ever find yourself between this particular rock and hard place? Did you manage to get the issue resolved without switching ISPs? And perhaps: Is it really Spamhaus' place to decide what ISP I use considering I'm a good netizen?"
      -----

      --
      Fighting for peace is like fucking for virginity
    3. Re:Incorrect summary by lewiscr · · Score: 2, Interesting

      Spamhaus has a policy of escalation. If the first blacklist doesn't work, widen the blacklist. Repeat until somebody notices. It worked for a while, it got customers like you to call your ISP to tell them to clean up their act.

      I was blacklisted that way. I had a /29, and another /29 near me was blacklisted. I found out when the /24 was blacklisted, and my customers called to complain. I was lucky, I had a business relationship with the other /29, and we were able to get it de-listed in a couple of days. I spent most of those 3 days on the phone.

      I've always found SpamHaus to be a bit draconian. From their point of view, they're a voluntary service, so they're free to shoot first and ask questions later. I however didn't find their service to be voluntary at all.

    4. Re:Incorrect summary by St.Creed · · Score: 2

      Forcing someone to cooperate "or else" can be construed as blackmail and can then be cause for a criminal suit - the fact that you can mitigate the attack does not remove the threat (just as buying a fire extinguisher doesn't mean being threatened by someone with arson is no longer a case for the police).

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    5. Re:Incorrect summary by TheMMaster · · Score: 2

      Maybe but in my case it was never resolved, as you can see spamhaus is now trying to cut *ME* off of the internet entirely.

      They are trying to get upstream to cut off the cyberbunker entirely, that is blackmail. And by cutting off the cyberbunker my IP range becomes entirely unroutabe, this leaves me in a rather precarious situation.

      --
      Fighting for peace is like fucking for virginity
    6. Re:Incorrect summary by anomaly256 · · Score: 2

      Also, blocking the service IS taking away a valuable item from A2B - for an ISP that's oxygen. It's damaging and crippling. They were effectively attacked and continued to be attacked until they gave in to unreasonable demands. That IS blackmail. Valuable items need not be tangible physical goods - intellectual property is valuable, time is valuable, reputation is also valuable.

    7. Re:Incorrect summary by Cramer · · Score: 2

      Once you've listed the spamming block, then your job is done. UNLESS the ISP moves them to another block (evades the listing), you have no reason to escalate. Just because the ISP doesn't do what you want them to isn't a reason to start listing more and more of their customers -- who are not spammers. This isn't helping the anti-spam cause; it is, in fact, undermining the cause.

      Things have certainly gone down hill there. They never choked BTI and we were Jeremy Jayne's ISP; every one of his netblocks were listed (often before they were even routed), but the company's ARIN assigned netblocks never were.

  2. Moral outrage fight! by 1_brown_mouse · · Score: 2

    GO!

    Seriously, anti-spam organizations tend to be as self righteous as born-again and on the wagon alcoholic evangelists.

    Isn't it time to kill email?

  3. It's all about the Opinion by Nom+du+Keyboard · · Score: 2, Informative

    Spamhaus publishes their Opinion about who are spam problems. It's a lot like Slashdot posts, which are the various contributor's Opinions. You can individually choose to believe, or not believe, any post(s) that you wish. And other ISP's can choose to accept, or reject, Spamhaus's Opinions about who and where troublesome spammers are. An Opinion is a very long way away from the accusation of Judge, Jury, and Executioner and only a fool would have made that unwarranted leap.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
    1. Re:It's all about the Opinion by TheCarp · · Score: 4, Insightful

      Right, except that many people just configure their mail servers to take that opinion as gospel, and spamhaus certainly makes it easy to do so and encourages it.

      So legally, you are indeed right. However, the end result is that their opinion carries a lot of weight, mostly because many many people just blindly apply it.

      So, in effect, they become judge jury and executioner, in that, once their opnion is that you have transgressed, you will instantly be blackballed all over the internet. They have become little more than a bully, which is too bad because, I mostly like them and mostly agree that this is the right way to operate.

      Of course.... I JUST posted my experience with them (or I should say, the experience that I came back from vacation to find one of my co-admins had):

      http://slashdot.org/comments.pl?sid=2474882&cid=37703752

      --
      "I opened my eyes, and everything went dark again"
    2. Re:It's all about the Opinion by Solandri · · Score: 2

      Once you make your opinions public, you can be charged with libel and malicious defamation of character in most countries. Especially in a case like this where many ISPs use Spahaus' lists so there are real, direct socio-economic consequences for wrongly blacklisting someone. (Not saying that's what happened here.)

    3. Re:It's all about the Opinion by Nom+du+Keyboard · · Score: 2

      Right, except that many people just configure their mail servers to take that opinion as gospel, and spamhaus certainly makes it easy to do so and encourages it.

      What other people do is not Spamhaus's responsibility. If I were to post here to Slashdot for everybody to take all of their money and throw it into the ocean to support world peace, I'm not responsible that somebody actually did that. Put the blame where it actually lies, and it doesn't lie with Spamhaus.

      --
      "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
    4. Re:It's all about the Opinion by macraig · · Score: 3, Interesting

      Spamhaus publishes their Opinion about who are spam problems. It's a lot like Slashdot posts, which are the various contributor's Opinions.

      What a quaint mis-framing by using the word "opinion" rather than what it actually is: a declaration. It's much more affirmative than a mere "opinion".

      This, BTW, is precisely why ALL blacklists are a crappy idea that ultimately always lead to this scenario. Crowdsourcing this sort of privacy/security function to anonymous people with unverified credibility leads to the well being poisoned with deliberate or unintended misinformation. They are even vulnerable to ill-intentioned people with axes to grind and a willingness to wreck significant swaths of the Internet to exact their vengeance.

    5. Re:It's all about the Opinion by Spazmania · · Score: 3, Insightful

      the end result is that [Spamhaus'] opinion carries a lot of weight, mostly because many many people just blindly apply it.

      Mostly because Spamhaus rarely lists address ranges that aren't involved in spamming and network abuse, and even more rarely for long. Spamhaus EARNED its reputation for cautious listing at the same time others like SORBS earned reputations for over-zealousness.

      That's why I'm surprised to see Slashdot folks taking these accusations seriously without any posted evidence. When Spamhaus lists an IP block, they document it publicly including their reasons. Sometimes it's because an organization has been caught moving spammers around inside their IP block. Sometimes there are other reasons. Usually they're pretty good reasons.

      Where's the copy of that posting?

      I know back when I ran an ISP, Spamhaus was the one I -didn't- have problems with.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  4. Re:Nuts? by www.sorehands.com · · Score: 2

    Yeah, they blocked one IP used by a spammer. How many spammers use one IP address? They use one IP address, then when that is blocked, switch to another, and another, and another....

    --
    Fight Spammers!
  5. Re:Responsibility goes both ways by realityimpaired · · Score: 2

    Just take a moment to think about where we'd be without Spamhaus.

    Actually, just about where we are right now. Most major mail providers don't use Spamhaus at all... it certainly doesn't affect delivery to GMail or Yahoo or anything like that. They use heuristic analysis of the messages (stuff like Spamassassin), coupled with Greylisting, forced delays in the server greeting, and throttling based on number of recipients. And it works. I don't get any spam at all to my inbox. None. And I've had the same address for nearly 6 years, now. And I don't use Spamhaus, SORBS, or any of the other lists like that, because you don't need them once you've set up your mail server properly. (and yes, I have set up my own mail server, which is sitting on a 100mbit pipe in colocation, with multiple domain names pointing at it, some of which are more than 10 years old).

    Lazy sysadmins use spamhaus like it's gospel. Ones that know what the hell they're doing realize they don't need spamhaus at all.

  6. A mailadmin writes... by buglista · · Score: 2
    I don't expect this will get modded up, because I'm only a mail admin with years of experience, and what do I know. Vive la web 2.0 etc.

    Spamhaus don't list people unless they've got a very good reason - that's why the majority of email providers, and likely your mail feed is using SBL. Steve is not crazy, and incidentally, business details are not subject to data protection provisions under the EU directive, so it is absolutely fine to say you kicked a spammer.

    Lie down with the dogs, get up with the fleas. Woohoo, you made your sales quota, but don't expect me to accept your email.

  7. Wrong blame by mrball_cb · · Score: 2

    You're blaming the wrong entity. If you're concerned with this, you should be complaining to your ISP _whom_you_pay_ that they use Spamhaus. You have control of your service, go buy it from someone who doesn't use Spamhaus. Spamhaus isn't screwing with your Inbox, your ISP _whom_you_pay_ is screwing with your Inbox by their choice to use Spamhaus.

    Don't get me wrong, I think Spamhaus is one of the best things since sliced bread. Why does your ISP _choose_ to use Spamhaus? Because the extra cost and resources involved with NOT using Spamhaus would impact their bottom line and they would have to charge you more.

    Before all the botnet takedowns, RBL's used to account for blocking about 80-85% of inbound connections. Now it's down to less than 50%.
    $ emailstats
    Webmail System Statistics for 2011-10-12

      TotalIncoming: 187662
                          RBL: 100601
                      Spams: 19439
                  Viruses: 192
                Accepted: 67430
    LocalDelivered: 53243
              Forwarded: 14187
          PercentGood: 35.9316

  8. Re:Good. by Eggplant62 · · Score: 2

    You don't realize how SMTP or the Internet works, my friend. A2B is about to suffer from a death by a good number of admins simply adding their network addresses to private firewall and routers settings. You see, what I do at the border of my network is my business. I consult Spamhaus for their opinion regarding the reputation of email traffic. My mail sever is set to query the Spamhaus DNS servers whenever another mail server connects to deliver mail. It's not by default that my server is set that way; I took action to make it so. Spamhaus is simply a consultant in this relationship. They watch for spammy mail. It's their list and if A2B didn't follow the requirements to be removed, then others like me may have problems receiving your email, again by our choice. Now, I'll take a few minutes to ensure that A2B's network blocks are listed in my own border router's rules file so that any traffic received there is simply tossed on the floor, not that I would expect much traffic. But then, that's just me. I can't predict the behavior of any other system admin out there. Your move.